Several vulnerabilities have been discovered in the Linux kernel that may
lead to a denial of service or leak sensitive data. The Common Vulnerabilities
and Exposures project identifies the following problems:

Eugene Teo reported a missing bounds check in the SCTP subsystem.
By exploiting an integer overflow in the SCTP_AUTH_KEY handling code,
remote attackers may be able to cause a denial of service in the form
of a kernel panic.

Vlad Yasevich reported several NULL pointer reference conditions in
the SCTP subsystem that can be triggered by entering sctp-auth codepaths
when the AUTH feature is inactive. This may allow attackers to cause
a denial of service condition via a system panic.